Restricting download options

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Restricting download options

Jo Cook
Hi Devs,

I can see from config-security-mappings.xml that it's possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?

Also I'm trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?

As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?

Thanks

Jo

--
Jo Cook
t:+44 7930 524 155/twitter:@archaeogeek
Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009


-- 
Sign up to our mailing list for updates on news, products, conferences, events and training

Astun Technology Ltd, The Coach House, 17 West Street, Epsom, Surrey, KT18 7RL, UK 
t:+44 1372 744 009 w: astuntechnology.com twitter:@astuntech

Company registration no. 5410695. Registered in England and Wales. Registered office: 120 Manor Green Road, Epsom, Surrey, KT19 8LN VAT no. 864201149.


_______________________________________________
GeoNetwork-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: Restricting download options

Maria Arias de Reyna-2
Hi,

This file is the spring security mappings, so if Spring supported that...
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html

But it looks like the built-in expressions don't care about groups.
Probably because that's not "basic" authentication. I have no doubt we
can extend the expressions to include that, but it will need some
development. Like this:
https://www.baeldung.com/spring-security-create-new-custom-security-expression
On Tue, Nov 20, 2018 at 6:22 PM Jo Cook <[hidden email]> wrote:

>
> Hi Devs,
>
> I can see from config-security-mappings.xml that it's possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?
>
> Also I'm trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?
>
> As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?
>
> Thanks
>
> Jo
>
> --
> Jo Cook
> t:+44 7930 524 155/twitter:@archaeogeek
> Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009
>
>
> --
> Sign up to our mailing list for updates on news, products, conferences, events and training
>
> Astun Technology Ltd, The Coach House, 17 West Street, Epsom, Surrey, KT18 7RL, UK
> t:+44 1372 744 009 w: astuntechnology.com twitter:@astuntech
>
> iShare - enterprise geographic intelligence platform
> GeoServer, PostGIS and QGIS training
> Helpdesk and customer portal
>
> Company registration no. 5410695. Registered in England and Wales. Registered office: 120 Manor Green Road, Epsom, Surrey, KT19 8LN VAT no. 864201149.
> _______________________________________________
> GeoNetwork-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
> GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork



--
Kind regards,
María Arias de Reyna Domínguez

GeoCat bv
T: +31 (0)318 416664


_______________________________________________
GeoNetwork-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: Restricting download options

Jose Garcia
In reply to this post by Jo Cook
Hi Jo

See feedback inline.

Regards,
Jose García

On Tue, Nov 20, 2018 at 6:22 PM Jo Cook <[hidden email]> wrote:
Hi Devs,

I can see from config-security-mappings.xml that it's possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?

Afaik, no, unless extending the integration with Spring Security to deal with GeoNetwork groups. But need some investigation.
 

Also I'm trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?


For pdf is used this formatter with output=pdf, it's the same as the full view formatter: https://github.com/geonetwork/core-geonetwork/tree/master/schemas/iso19139/src/main/plugin/iso19139/formatter/xsl-view. An option could be to create a new formatter for pdf with a restricted set of fields.

For ZIP, it's used the mef.export service. I don't see any option to apply a xslt process to the export, but can be a nice addition.


As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?

Afaik any user allowed to a metadata can export it to any of the supported formats.


With some developments I guess can be possible to extend as in the UI, should be available the info about the metadata and user groups/profile.


Thanks

Jo

--
Jo Cook
t:+44 7930 524 155/twitter:@archaeogeek
Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009


-- 
Sign up to our mailing list for updates on news, products, conferences, events and training

Astun Technology Ltd, The Coach House, 17 West Street, Epsom, Surrey, KT18 7RL, UK 
t:+44 1372 744 009 w: astuntechnology.com twitter:@astuntech

Company registration no. 5410695. Registered in England and Wales. Registered office: 120 Manor Green Road, Epsom, Surrey, KT19 8LN VAT no. 864201149.
_______________________________________________
GeoNetwork-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork


--
Vriendelijke groeten / Kind regards,

Jose García


Veenderweg 13
6721 WD Bennekom
The Netherlands
T: <a href="tel:+31318416664" style="font-family:Helvetica,Arial,sans-serif" target="_blank">+31 (0)318 416664

  

Please consider the environment before printing this email.


_______________________________________________
GeoNetwork-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork